ENTERPRISE MOBILITY SUITE
With the Microsoft Enterprise Mobility Suite (EMS), you can enable your end users to be productive on and off the corporate network across a wide variety of devices. Simply put, EMS enables you to securely extend the availability of your trusted data to the devices your users want to use, at the locations they want to work. EMS includes three core components that combine hybrid identity management, data protection, and mobile device/application management: Azure Active Directory Premium, Azure Rights Management, and Windows Intune. Because Microsoft bundles these three technologies together, you can save a significant amount of money over purchasing three independent point solutions.
AZURE ACTIVE DIRECTORY PREMIUM
Azure Active Directory Premium (AAD-P) provides every user with a hybrid identity that bridges the gap between traditional on-premises applications and cloud-based Software as a Service (SaaS) offerings. Built on Microsoft’s fifteen-plus-year heritage of success with Active Directory, AAD-P enables you to securely manage access to Office 365 and nearly 3,000 other SaaS applications. The sheer magnitude of activity that AAD-P manages enables advanced security reporting, which gives you deep insight into threats to your organization that are identified by the AAD-P infrastructure.
AAD-P enables your users to work efficiently and securely with self-service options like password reset, application access requests, and multi-factor authentication that all integrate seamlessly between the cloud and your on-premises infrastructure.
AZURE RIGHTS MANAGEMENT
Azure Rights Management (RMS) secures access to documents and data. When data is protected with RMS, it is encrypted in place and a set of “rights” to that data is defined by the owner. To decrypt a protected document, the recipient must be authorized by the RMS service. Once the recipient is authorized, their PC or mobile device (including Apple and Android devices) ensures that they can take only the actions they are allowed to. For example, they may be allowed to read the document but not print it or forward it to a third party.
Document owners can use the Azure RMS Tracking Portal to see who is accessing their data and revoke access if necessary.
Azure RMS also supports extensions that enable protection of non-Microsoft document formats, for example PDF files and CAD drawings.
MICROSOFT INTUNE
Microsoft Intune delivers mobile device management (MDM), mobile application management (MAM), and PC management from the cloud. Whether your strategy is bring your own device (BYOD), or you supply corporate-owned devices, Intune can control data and the end user experience on Apple, Android, and Microsoft mobile devices. Furthermore, Intune is the only solution that enables you to manage the Microsoft Office mobile applications across all supported mobile platforms.
Combined with Azure Active Directory Premium, you can ensure that Office 365 and SaaS applications are only accessible from a healthy, compliant device that is managed by Intune. When a user loses their device or leaves the organization, Intune can remove company data while preserving the end user’s personal data in other applications.